Add-CACrlDistributionPoint

  • 아티클

Add-CACrlDistributionPoint

Adds a certificate revocation list (CRL) distribution point uniform resource indicator (URI) where AD CS publishes certification revocations.

구문

Parameter Set: Default
Add-CACrlDistributionPoint [-Uri] <String> [-AddToCertificateCdp] [-AddToCrlCdp] [-AddToCrlIdp] [-AddToFreshestCrl] [-Force] [-PublishDeltaToServer] [-PublishToServer] [ <CommonParameters>]

자세한 설명

The Add-CACRLDistributionPoint cmdlet adds a certificate revocation list (CRL) distribution point URI where the CA publishes certification revocations.

You can add certificate revocation list (CRL) distribution points in issued certificates by using this powershell cmdlet. However, adding the URL for a CRL distribution point only affects newly issued certificates. Previously issued certificates will continue to reference the original location.

To indicate that you want to use a URL as a CRL distribution point, use the switch PublishCRL.

To indicate that you want to use a URL as a delta CRL distribution point, use the switch PublishDeltaCRL.

To indicate that you want to publish this location in CRLs to point clients to a delta CRL, use the switch IncludeDeltaCRLs.

CRL uniform resource locators can be HTTP or LDAP paths. You can use the following variables depending upon the switch when specifying the address of the CRL.

<CAName>, which is replaced by the name of the targeted CA.

<CAObjectClass>, which is replaced by object class identifier for a CA, used when publishing to an LDAP URL.

<CATruncatedName>, which is replaced by sanitized name of the CA, truncated to 32 characters with a hash at the end.

<CDPObjectClass>, which is replaced by the object class identifier for CRL distribution points, used when publishing to an LDAP URL.

<CertificateName>, which is replaced by the renewal extension of the CA.

<ConfigurationContainer>, which is replaced by the location of the Configuration container in Active Directory Domain Services (AD DS) location.

<CRLNameSuffix>, which is replaced by inserts a name suffix at the end of the file name when publishing a CRL to a file or URL.

<DeltaCRLAllowed>, which is replaced by the CRLNameSuffix variable with a separate suffix to distinguish the delta CRL from the CRL; used when a delta CRL is published.

<ServerDNSName>, which is replaced by the DNS name of the CA server.

<ServerShortName>, which is replaced by the NetBIOS name of the CA server.

매개 변수

-AddToCertificateCdp

Include in the CDP extension of issued certificates. This parameter is available for use with LDAP, HTTP, UNC, and File paths.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-AddToCrlCdp

Include in the certificate revocation list (CRL). This parameter is available for use with LDAP paths.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-AddToCrlIdp

Include in the IDP extension of issued certificates. This parameter is available for use with LDAP and HTTP paths.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-AddToFreshestCrl

Include in the most recent (freshest) certificate revocation list (CRL). This parameter is available for use with LDAP, HTTP, UNC, and file paths.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Force

사용자 확인을 요구하지 않고 명령을 실행합니다.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

false

와일드카드 문자 허용 여부

false

-PublishDeltaToServer

Publish the delta certificate revocation list (CRL). This parameter is available for use with LDAP, UNC, local, and file paths.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-PublishToServer

Publish the certificate revocation list (CRL) to the specified server. This parameter is available for use with LDAP, local, UNC, and file paths.

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Uri<String>

Specifies the uniform resource identifier (URI) for the distribution point location of the certificate revocation list (CRL). This is the location from where status information about certificate revocation will be retrieved and the location the CRL will be published.

별칭

없음

필수 여부

true

위치

2

기본값

없음

파이프라인 입력 적용 여부

true (ByValue, ByPropertyName)

와일드카드 문자 허용 여부

false

<CommonParameters>

이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216).

입력

입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.

  • System.String

출력

출력 유형은 cmdlet이 내보내는 개체의 유형입니다.

  • Microsoft.CertificateServices.Administration.Commands.CA.CrlDistributionPointResult

    The output object type has a single property named Restart of Boolean type. If Restart equals True, then the CA must be restarted.

예제

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Adds a certificate revocation list (CRL) distribution point for the URI of http://ca1.corp.contoso.com/pki/\<CAName>.crl and sets the CRL URI to be included in issued certificates.

C:\PS>Add-CACRLDistributionPoint -Uri http://ca1.corp.contoso.com/pki/<CAName>.crl -AddToCertificateCdp

관련 항목

Get-CACrlDistributionPoint

Remove-CACrlDistributionPoint